openerp-india team mailing list archive
-
openerp-india team
-
Mailing list archive
-
Message #16148
[Bug 974472] Re: Users_Ldap shows admin password
pushed in trunk r7636
thanks for reporting.
** Changed in: openobject-addons
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Addons.
https://bugs.launchpad.net/bugs/974472
Title:
Users_Ldap shows admin password
Status in OpenERP Addons (modules):
Fix Released
Bug description:
By default after installing the addon in 6.1 it requests the admin
password in order to query the global catalog. The password is then
saved and shown in the clear any time someone views the configuration.
It should be possible to see the configuration without seeing the
password.
The password is also stored in plain text in the database! This is a
password that can query your AD/LDAP global catalog. It's very bad if
people were to get a hold of this password.
1) Steps to reproduce the issue you have observed
Install openerp 6.1 and install the users_ldap addon. Configure the
addon. Now visit that company's configuration tab, and inside will be
the ldap settings. Double clicking on those will show you a view that
includes the plain text password.
2) The result you observed
Seeing the password we previously entered.
3) The result you expected
Having the password be starred, or hidden, or not visible but editable through a dialogue.
4) The platform your are using
debian/ubunutu
5) The OpenERP version you are using (e.g. 5.0.15, 6.0-dev), if possible including the specific
6.1 alpha and 6.1 stable .deb packages confirmed.
To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-addons/+bug/974472/+subscriptions
References